The Small Business Cybersecurity Guide

Everything you need to know to protect your business — in plain English

What SPF, DKIM, DMARC, and DNSSEC Are

If you send email from your business domain, these four records help other systems decide whether to trust it. They also help protect your brand from spoofing and tampering.

  • SPF (Sender Policy Framework) tells receiving mail servers which systems are allowed to send email for your domain.
  • DKIM (DomainKeys Identified Mail) adds a digital signature so the receiver can check that the message was not altered in transit.
  • DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM together and tells receivers what to do when a message fails those checks.
  • DNSSEC (DNS Security Extensions) helps protect DNS records from being changed or faked before they reach the person looking them up.

Why Small Businesses Need Them

Without these records, it is easier for criminals to send emails that look like they came from your business. That can mean spoofed invoices, fake staff requests, and customers being tricked by your name.

They also help with delivery. If SPF, DKIM, and DMARC are missing or misconfigured, legitimate business email is more likely to land in spam or fail checks at the receiving end.

DNSSEC is not an email record, but it matters because your email records live in DNS. If DNS is tampered with, your protections can be undermined.

How JCPIT Checks Them

Our Free Domain Health Check looks at the live DNS records for your domain and checks the basics: whether SPF, DKIM, and DMARC exist, whether they are valid, and whether SPF is overloaded with too many lookups.

We also review DMARC policy settings, so you can see whether the domain is only monitoring, quarantining suspicious mail, or actively rejecting it. If you want a broader view of exposed risk, start with the Free Security Check.

DNSSEC is handled through Domain Management. That is where we review registrar and DNS provider support, enable it where available, and keep it working when other DNS changes are made.

What JCPIT Fixes

We fix the parts that make these records hard for small businesses to manage on their own:

  • Create or clean up SPF, DKIM, and DMARC records
  • Reduce SPF lookup bloat so the record stays within normal limits
  • Adjust DKIM selectors to match your mail provider
  • Tighten DMARC from monitoring to quarantine or reject where appropriate
  • Enable DNSSEC where your registrar and DNS host support it
  • Keep email authentication aligned when mail systems or providers change

If your team is already dealing with phishing or inbox issues, our Email Security service can add another layer of protection while we sort out the domain side.

Where to Start

If you want a quick read on what is exposed, use the Free Domain Health Check. If you want JCPIT to fix and maintain the records for you, go to Domain Management. If you are not sure which path fits, start with the Free Security Check and we will point you in the right direction.

References

Need help fixing your domain records?
Start with a free domain health check, or hand the records over to us through Domain Management.
Free Domain Health Check Domain Management

Not sure where to start? Try the Free Security Check.